[Snyk] Fix for 1 vulnerabilities

[William-GuoWei]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • escheduler-ui/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 80 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file ([BUG] jar包冲突Correct the classpath of your application so that it contains a single, compatible version of javax.servlet.ServletContext apache/dolphinscheduler#860)
• e7525c9 test: nested url (How to reduce incubator-dolphin scheduler front-end Vue framework base dependency packages（如何减少incubator-dolphinscheduler前端vue框架基础依赖包） apache/dolphinscheduler#859)
• 7259faa test: css hacks ([BUG][#857]repair cross-project dependency delete bug apache/dolphinscheduler#858)
• 5e6034c feat: allow to filter import at-rules ([BUG] Cross-project dependency delete bug(跨项目流依赖删除有异常) apache/dolphinscheduler#857)
• 5e702e7 feat: allow filtering urls (Fix the en doc link. apache/dolphinscheduler#856)
• 9642aa5 test: css stuff (Highlight the mail list as high priority contact channel. apache/dolphinscheduler#855)
• 3338656 fix: reduce number of require for url ([fix bug][#847] Update pom.xml apache/dolphinscheduler#854)
• 533abbe test: issue 636 (增加打开yarn页面的功能 apache/dolphinscheduler#853)
• 08c551c refactor: better warning on invalid url resolution ([BUG] HDFS-HA connect fail  apache/dolphinscheduler#852)
• b0aa159 test: issue update i18n apache/dolphinscheduler#589 (增加功能： 项目管理－>任务实例:当任务类型为SPARK　和FLINK时,增加跳转到查看yarn页面的功能 apache/dolphinscheduler#851)
• f599c70 fix: broken unucode characters ([Bug]当两个人同时登陆admin账户的时候，其中一个人退出账户之后，另一个也会被迫退出 apache/dolphinscheduler#850)
• 1e551f3 test: issue 286 ([Feature]项目授权过粗，结合问题#848查看 apache/dolphinscheduler#849)
• 419d27b docs: improve readme ([Feature]跨项目引用工作流问题 can`t quote flows from a another project apache/dolphinscheduler#848)
• d94a698 refactor: webpack-default ([BUG] fastjson版本过低，存在安全漏洞 apache/dolphinscheduler#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes ([Feature]同一项目下，跨工作流引用节点的问题 apache/dolphinscheduler#845)
• 8a6ea10 refactor: postcss plugins ([BUG] 中文文档中看到，创建租户会自动在worker上创建linux用户，但在实际的使用中，并没有创建  apache/dolphinscheduler#844)
• fdcf687 fix: url resolving logic (补数据时，无法从UI上看到补数日期，这个希望能够新增下相关功能 can't see the very date when make up history data from UI apache/dolphinscheduler#843)
• 889dc7f feat: allow to disable css modules and disable their by default ([FEATURE][#841]Add HTTP components（添加HTTP组件） apache/dolphinscheduler#842)
• ee2d253 test: importLoaders option (Add HTTP components apache/dolphinscheduler#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (appliction_worker.properties logging.config bug fix apache/dolphinscheduler#840)
• fe94ebc test: icss reserved keywords (Spark task component only support spark1.X using sprak-submit, not suitable for spark2 apache/dolphinscheduler#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin ([BUG] start_all.sh execute failed apache/dolphinscheduler#838)

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades html-minifier-terser@5.0.0 -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: node-sass

The new version differs by 74 commits.

• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 ([Feature-3223][ui]Click DAG connection to add label function apache/dolphinscheduler#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 ([bugFix] ambari plugin the config options which unit doesn't write into config file apache/dolphinscheduler#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (如何控制单台Worker的并发执行任务的数量 apache/dolphinscheduler#3149)
• e80d4af chore: Drop EOL Node 15 (Can you change the ResourceManager HTTP port to a configuration file,thank you apache/dolphinscheduler#3122)
• d753397 feat: Add Node 17 support (dag add close buttion apache/dolphinscheduler#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
• bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
• 80d6c00 chore: Windows x86 on GitHub Actions (fix release for nginx not package config files, eg: zookeeper.properties apache/dolphinscheduler#3041)
• 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (resolve #3096 In ambari plugin the config options which has unit doe… apache/dolphinscheduler#3102)
• 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 ([QUESTION] Failure to call the interface 400 /dolphinscheduler/projects/{projectName}/executors/start-process-instance apache/dolphinscheduler#3156)
• 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (merge from 1.3.1-release apache/dolphinscheduler#3161)
• fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
• 6200b21 docs: Double word "support" ([Feature-3123]user register apache/dolphinscheduler#3159)
• eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
• 16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
• c167004 6.0.1
• 911d4db remove mkdirp dep (Code call interface error http code 405 apache/dolphinscheduler#3108)
• 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
• 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
• cfcbb2c chore: Use default Apline version from docker-node ([BUG] Fix all the bug reported by Sonar apache/dolphinscheduler#3121)
• 886319b chore: Drop Node 10 support
• c908f4f fix: Bump OSX minimum to 10.11

See the full diff

Package name: optimize-css-assets-webpack-plugin

The new version differs by 2 commits.

• 662dfb7 3.2.1
• 7ab5e15 Upgrade cssnano dependency

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 213226e 4.0.0
• fde0183 Merge pull request can i change the line in DAG into straight line？ apache/dolphinscheduler#6081 from webpack/formating/prettier
• b6396e7 update stats
• f32bd41 fix linting
• 5238159 run prettier on existing code
• 518d1e0 replace js-beautify with prettier
• 4c25bfb 4.0.0-beta.3
• dd93716 Merge pull request [Question] Worker memory keeps growing apache/dolphinscheduler#6296 from shellscape/fix/hmr-before-node-stuff
• 7a07901 Merge pull request [Bug] [API] Switch node cannot get branch flow apache/dolphinscheduler#6563 from webpack/performance/assign-depth
• c7eb895 Merge pull request #6452 from webpack/update_acorn
• 9179980 Merge pull request [Fix-6550][UI] Fix DAG environment list will not be updated bug apache/dolphinscheduler#6551 from nveenjain/fix/templatemd
• e52f323 optimize performance of assignDepth
• 6bf5df5 Fixed template.md
• 90ab23a Merge branch 'master' into fix/hmr-before-node-stuff
• b0949cb add integration test for spread operator
• 39438c7 unittest now also walks the ast
• 15ab027 Merge pull request dolphinscheduler2.0 task failed apache/dolphinscheduler#6536 from jevan0307/sideEffects-selectors
• 1611ce1 Merge pull request [Feature][Doc] Add Task type switch apache/dolphinscheduler#6561 from joshunger/patch-1
• 6e175bc Merge pull request [1.3.9-prepare]upgrade version apache/dolphinscheduler#6549 from webpack/md4_hash
• 0637531 Add a hyperlink to create a new issue
• 0e1f9c6 Merge pull request 工作流定时任务自动触发不了 apache/dolphinscheduler#6554 from webpack/deps/end-of-beta
• 72477f4 upgrade versions to stable versions
• ed30285 Merge pull request [Improvement-6540][server] Optimize the code related to the processInstanceExecMaps object apache/dolphinscheduler#6546 from webpack/bot/review-permission
• 40ee8c7 Use MD4 for hashing

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability ([Feature][Batch export]Batch export workflow definition / data source / resource file apache/dolphinscheduler#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (shell run sqoop miss DB2 driver apache/dolphinscheduler#3675)
• 1768d6b fix: initial reloading for lazy compilation ([Feature][process_definition] process definition need to support parallel or serial choose. apache/dolphinscheduler#3662)
• 4f5bab1 docs: improve examples (安装问题 apache/dolphinscheduler#3672)
• f2d87fb fix: improve https CLI output (create db2 connection error apache/dolphinscheduler#3673)
• 0277c5e chore: remove redundant console statements ([Test][remote]update netty util test and fix init channel error apache/dolphinscheduler#3671)
• 16fcdbc docs: add `ipc` example ([Improvement][remote] linux platform default use epoll apache/dolphinscheduler#3667)
• 8915fb8 test: add e2e tests for built in routes ([Improvement-3668][Server] ProcedureTask,SqlTask code structure standardization and checkstyle apache/dolphinscheduler#3669)
• 4d1cbe1 docs: ask `version` information in issue template ([Improvement][Server] ProcedureTask,SqlTask code structure standardization and checkstyle apache/dolphinscheduler#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 ([feature-3665][ui]Add element-ui apache/dolphinscheduler#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 ([Feature][ui] DS Plug-in add element-ui apache/dolphinscheduler#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API ([Feature]补数时日期填写，建议可文本编辑、日期选择多种填写方式 apache/dolphinscheduler#3660)
• d8bdd03 test: fix stability (I have a master who has been down at the same time for two consecutive days. Is there any boss who can help me to see why apache/dolphinscheduler#3661)
• 22b1414 refactor: remove `killable` ( [improvement][remote]use EpollServerSocketChannel when system is linux apache/dolphinscheduler#3657)
• 75bafbf test: add e2e tests for module federation ([Fix][api] Add queryProjectCreatedAndAuthorizedByUser function apache/dolphinscheduler#3658)
• 493ccbd chore(deps): update `ws` ([Improvement][server] WATERDROP task plug-in optimization in switch case code cleaning. apache/dolphinscheduler#3652)
• ae8c523 test: add e2e test for universal compiler ([improvement][remote]use EpollServerSocketChannel when system is linux apache/dolphinscheduler#3656)
• f94b84f chore(deps): update ([Bug][api] Save the workflow, if the tenant is default, workflow shoud be run successfully apache/dolphinscheduler#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo ([Question] globalParams duplicated in table[t_ds_process_definition] apache/dolphinscheduler#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option ([Improvement][api] Task-record code cleaning apache/dolphinscheduler#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging ([Question][master-server]sometimes one command would be execute more than one times apache/dolphinscheduler#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.